In 2020, Toll Group was hit by ransomware twice. Sophos, which acted as the response and investigation team for the events, now reports that the entry point was the account of an employee who had died but whose account remained active in the system.
Nefilim Ransomware Attack Used “Ghost” Credentials.
According to the Sophos report, the Nefilim group responsible for the attack was on the company’s network for about a month without the defense systems identifying suspicious activity. The account used by the attack group belonged to a deceased employee, but it had not been locked or deleted because it was integrated into various services.
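The gap described above, an enabled account with no current employee behind it, can be caught by reconciling an HR roster against a directory export. The following is an added example, not code from Sophos or from the original page; the field names, account names and dates are constructed for illustration.

```python
from datetime import date, datetime

# Constructed sample data (not from the incident); all field names are assumptions.
HR_ROSTER = [
    {"employee_id": "E100", "status": "active", "end_date": None},
    {"employee_id": "E101", "status": "departed", "end_date": "2020-10-02"},
    {"employee_id": "E102", "status": "departed", "end_date": "2020-11-15"},
    {"employee_id": "E103", "status": "departed", "end_date": "2020-12-01"},
]
DIRECTORY = [
    {"account": "alice", "employee_id": "E100", "enabled": True, "last_logon": "2021-01-20T08:03:00"},
    {"account": "bob.adm", "employee_id": "E101", "enabled": True, "last_logon": "2021-01-10T02:41:00"},
    {"account": "carol", "employee_id": "E102", "enabled": False, "last_logon": "2020-11-14T17:00:00"},
    {"account": "dave", "employee_id": "E103", "enabled": True, "last_logon": None},
    {"account": "svc-backup", "employee_id": None, "enabled": True, "last_logon": "2021-01-21T01:00:00"},
]

def find_ghost_accounts(hr_roster, directory):
    """Return (account, reason) for enabled accounts with no current employee behind them."""
    end_dates = {
        r["employee_id"]: date.fromisoformat(r["end_date"])
        for r in hr_roster if r["status"] == "departed"
    }
    known_ids = {r["employee_id"] for r in hr_roster}
    findings = []
    for acct in directory:
        if not acct["enabled"]:
            continue  # already deprovisioned
        owner = acct["employee_id"]
        if owner not in known_ids:
            # Shared or service account that nobody in HR answers for
            findings.append((acct["account"], "no-owner"))
        elif owner in end_dates:
            last = acct["last_logon"]
            used_after = (last is not None
                          and datetime.fromisoformat(last).date() > end_dates[owner])
            # A logon after the end date is the strongest signal: someone else holds the credentials
            reason = "logon-after-departure" if used_after else "enabled-after-departure"
            findings.append((acct["account"], reason))
    return findings

if __name__ == "__main__":
    for account, reason in find_ghost_accounts(HR_ROSTER, DIRECTORY):
        print(f"{account}: {reason}")
```

Accounts kept alive because services depend on them belong in the "no-owner" review queue with a named human owner, rather than staying tied to a former employee's identity.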
Recently Published on our Blog
⚡ Free Vulnerability Prioritization Tools That Save CISOs Time ⚡
Thousands of vulnerabilities hit every year – but not all deserve your team’s immediate attention. The real challenge for CISOs is knowing which ones matter most, right now. Here are free tools that help cut through the noise and focus on what’s critical:
1️⃣ EPSS (Exploit Prediction Scoring System) – Prioritizes based on likelihood of exploitation in the wild.
🔗 https://www.first.org/epss/
2️⃣ CISA KEV Catalog – Free authoritative list of vulnerabilities actively exploited by adversaries.
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog
3️⃣ Vulners.com – Aggregates threat intelligence, exploits, and vulnerability data with prioritization insights.
🔗 https://vulners.com
4️⃣ Qualys TruRisk Free Tier – Helps identify and prioritize vulnerabilities by risk scoring.
🔗 https://www.qualys.com/trurisk/
5️⃣ OpenVAS (via Greenbone) – Vulnerability scanner with reporting that supports prioritization workflows.
🔗 https://www.greenbone.net
6️⃣ Kenna EPSS Explorer (Free) – Combines CVEs with EPSS data for prioritization dashboards.
🔗 https://risk.io/labs
7️⃣ VulnCheck Free Portal – Provides exploit intelligence to identify which CVEs are weaponized.
🔗 https://vulncheck.com
💡 Takeaway: Patch everything is not a strategy. These free tools let CISOs patch smart, focusing resources on the vulnerabilities most likely to be used in attacks.
At AUMINT.io, we help CISOs go further – by simulating how attackers actually exploit overlooked human and technical gaps, then providing data-driven insights to prioritize awareness and defenses.
🔗 Curious how your org would rank if attackers targeted your employees first? Book a free demo
#VulnerabilityManagement #CISO #CyberSecurity #ThreatPrioritization #AUMINT
The Rising Threat of Phishing – How Clever Scammers Exploit Trust
🚨 Phishing Attacks Are Getting Smarter
💡 Recent campaigns targeting Booking.com users demonstrate how attackers exploit trust and familiarity to steal credentials.
⚠️ Personalized emails referencing recent bookings make it nearly impossible to distinguish legitimate communications from malicious ones.
🔍 Human behavior remains the primary vulnerability – clicking links or providing credentials opens doors for attackers.
🔥 AUMINT Trident simulates real-world phishing attacks, providing insights and ongoing training to strengthen your human firewall.
📅 Don’t wait until it’s too late – protect your workforce and sensitive data now: https://calendly.com/aumint/aumint-intro
#CISO #CyberSecurity #SocialEngineering #FraudPrevention #HumanFactor #EmployeeAwareness #Phishing
🔍 Free Insider Threat Detection Tools CISOs Can’t Ignore 🔍
Not every threat comes from the outside – some of the most costly breaches start with insiders, whether accidental or malicious. The good news? There are free and open-source tools CISOs can use today to strengthen insider threat visibility.
Here are some to explore:
1️⃣ OSSEC – Open-source HIDS that monitors log files, rootkits, registry changes, and suspicious activity.
🔗 https://www.ossec.net
2️⃣ Wazuh – SIEM + threat detection platform with powerful log analysis and insider risk visibility.
🔗 https://wazuh.com
3️⃣ Graylog (Open) – Log management for monitoring anomalous patterns that may indicate insider misuse.
🔗 https://www.graylog.org
4️⃣ Zeek (formerly Bro) – Network monitoring framework that can flag unusual internal data flows.
🔗 https://zeek.org
5️⃣ TheHive – Open-source SOC platform for incident response with insider threat detection workflows.
🔗 https://thehive-project.org
6️⃣ Prelude OSS – Hybrid IDS that supports insider activity monitoring and alert correlation.
🔗 https://www.prelude-siem.org
7️⃣ Sysmon (Microsoft Sysinternals) – Tracks detailed process, file, and registry activity for insider behavior detection.
🔗 https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
⚡ Takeaway: Insider threats are harder to spot than external attacks because they often look like legitimate activity. These free tools give CISOs eyes inside the perimeter without blowing budgets.
At AUMINT.io, we go further – by simulating social engineering and insider-like attack vectors to see how employees react, then delivering targeted awareness to stop the threat at its source.
🔗 Ready to uncover how your employees would respond to insider-style scenarios? Book a free demo
#InsiderThreats #CISO #CyberSecurity #ThreatDetection #AUMINT